No employer wants to believe that a member of their staff would voluntarily compromise confidential information. Unfortunately, internal data breaches occur all too often, yet they are still not considered a real threat by many organizations. That’s a real problem considering not only the cost attached to these breaches, $194 per stolen record as of 2011, but also the fact that it takes on average 87 days (according to a Ponemon 2012 report) for an organization to even recognize that an internal breach is taking place. It shouldn’t come as any surprise that a lot of data can be compromised in that amount of time.
It was recently reported that the insurance provider, Blue Cross Blue Shield, was impacted by a data leak that spanned from November 2011 to October 2012. After an investigation, it was revealed that a current employee who worked for a call center used by the insurance company was responsible for the leak. They have since been terminated from their position, but that doesn’t undo the damage that’s already been done.
We’ve already shared some steps on what to do when an employee departs your organization in order to protect sensitive information, but what about when someone is still employed by your company? It’s inevitable that employees are going to need access to confidential items in order to do their job, so how do you ensure that their intentions are honest?
Here are three tips to help protect your information.
Ban external devices
USB devices are an easy way to transmit information. They’re small, and their large storage sizes allow them to carry significant amounts of data. Protect your privileged information by forbidding the use of USBs or any other external storage devices in your organization. The same goes for rewritable CDs. This function is rarely required anymore, so mitigate risk by not allowing staff to burn CDs on their corporate computers.
Implement a BYOD policy
The use of mobile devices can encourage the sharing of confidential information. Mobile devices give employees the ability to transport and access privileged documents at any time or place. Here are some tips on what to include in your office’s BYOD policy.
Engage in secure file sharing
Secure file sharing is an exceptional solution for understanding how data is being shared. Choose a secure file sharing provider that offers a tracking mechanism for not only your files, but also access to the system in general so that it’s always easy to track the flow of data.
What else is your organization doing to prevent employees from sharing confidential information? Let us know in the comments below.